You are viewing limited content. For full access, please sign in.

Question

Question

Getting an error when creating Directory Server licensing site

Directory Server
Updated December 14, 2015
asked on November 23, 2015 Show version history

SQL Server 2012 Express. Directory Server 10 gives the following error:

A SQL error has occurred. (The INSERT statement conflicted with the FOREIGN KEY constraint "directory_objects_providers_fk". The conflict occurred in database "LFDirectoryServer", table "dbo.identity_providers", column 'id'. The statement has been terminated.) (LMO28)
0 0

Answer

SELECTED ANSWER
replied on December 1, 2015

After some further investigation, we suspect the issue may be occurring on first login for users after the database is successfully created, if there were issues with the current domain being added as an identity provider.

To determine if this is the case, please run the following SQL command:

SELECT * FROM [yourDatabaseNameHere].[dbo].[identity_providers]

If there are no values returned, then your issue is likely what we suspect. To help make sure we address the root cause, please open a support case so that we can gather data like event viewer logs and determine why the identity provider creation failed.

For now, you can try the following workaround to create the "default" identity provider manually:

USE [yourDatabaseNameHere]
GO

INSERT INTO [dbo].[identity_providers]
           ([name]
           ,[host]
           ,[type])
     VALUES
           ('yourDesiredIdPName'
           ,null
           ,1)
GO

Normally, default IdP name is taken from the DC components of your domain controller (so, mydomain.com is a common format), but in my testing, the name didn't matter.

After running that query to create the db, re-run the select * query and make sure the provider was created, and has Id 1. If it does, at this point, you should be able to log in to your site.

1 0

Replies

replied on November 30, 2015 Show version history

I can't reproduce your issue using SQL server 2012 express with Directory Server 10.

  • Are you on the latest service pack of SQL Express 2012?
  • Is this a new installation?
  • Are you trying to use an existing database?
  • When exactly are you getting this error (creating the site, viewing the site, after restart...)?
0 0
replied on December 1, 2015 Show version history

Microsoft SQL Server 2012 - 11.0.2100.60 (X64) 
    Feb 10 2012 19:39:15 
    Copyright (c) Microsoft Corporation
    Express Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)
 

New installation and new database. I get it when creating the licensing site. I tried twice. After getting the error the first time, I deleted the database and tried to create a new one but got the same error.

I just tried to go to the configuration page and I get this error:

0 0
replied on December 1, 2015

Try updating to the latest version, or at least applying service pack 1 for SQL Express. I tried Microsoft SQL Server 2012 (SP1) - 11.0.3128.0 (X64) and cannot reproduce your issue. Our help files state that Service Pack 2 is required, so it would be best to be as up to date as possible.

Other things to check/try:

  1. Is the Laserfiche Directory Server service running?
  2. Are there any events in the Laserfiche Directory Server event folders?
  3. Are you authenticating to SQL as a user that has enough rights? If you chose "Windows authentication", LFDS will authenticate as the user the LFDS service is running as.
  4. Do you get any errors if you create the database and run the schema manually? The schema is under C:\Program Files\Laserfiche\Directory Server\SQL, and is called schema.sql.

 

 

0 0
replied on December 1, 2015

I have same problem, I tried with SQL Server 2014 SP1 and Directory Server 10.

 

I think there is problem in Directory Server 10 because I created license site with Directory Server 9.2.1 without any problem.

 

I'm thinking maybe there is issue with schema.sql files as there are 3 files with different modified dates and versions: 9.0, 9.2 and 10 and I think there is conflict or change in file version.

0 0
replied on December 1, 2015

There are, in fact, three files: schema.sql is the latest version of the SQL schema, and the other two files are applied to older 9.2 databases to upgrade their schema to the current version. In Directory Server 10, the schema.sql file should be last modified on 11/5/2015.

As I mentioned, I cannot reproduce. Checking the above points will help us to narrow down the specific cases in which this issue may occur so that we can look into solutions, whether this means changing the LFDS or SQL configuration, or a bug fix on our side.

It may also be useful to open a support case for focused troubleshooting help.

replied on December 2, 2015

For me the server is not on domain and the table identity_providers is empty, but with DS 9.2.1 it is working fine.

0 0
replied on December 2, 2015

It sounds like you are running into the issue I described then. As mentioned, you can use any name in the workaround; it does not have to be the domain name.

The lack of a domain is likely why creating the default Identity Provider failed for you, so thank you for the information. Generally speaking, we expected users of Rio (and thus use LFDS) to be large enough to have a domain, but we do plan to address the issue brought up in this post.

From the root cause, we expect that it works 9.2 but not in 10: LFDS 10 will automatically add users logging in through to the LFDS site or using single sign-on for Social BPM for easier administration of these unlicensed users. We'll look to address this issue with the new functionality, and keep in mind for the future that some LFDS users do not have a domain.

For now, please use the workaround posted.

1 0
replied on December 14, 2015

In my case, I looked at that table in the LFDS database and there are two entries: 

id    name                   host                           type
1    xxxxxx.org            NULL                           1
3    ActiveDirectory    dc.xxxxxx.org              1

Does that look correct?  Still has the repeated LFS received an unrecognized or unexpected error from LFDS. Service Call=GetUnsignedTokenEx; LFDS error code=0 messages.

I did not execute the statement you followed up with since I had entries in there.  I will be opening up a ticket, but really trying to get this up and running before the end of today!  Seems so close since I can log on as a repository user.

replied on December 14, 2015 Show version history

It was a good idea to check, it but does seem like you have a different issue. You could also run the following:

SELECT TOP 1000 [id]
      ,[sid]
      ,[name]
      ,[type]
      ,[flags]
      ,[container_id]
      ,[namespace_id]
      ,[effective_namespace_id]
      ,[provider_id]
      ,[path]
  FROM [yourLFDSdatabase].[dbo].[directory_objects]
  where (provider_id is null
  or provider_id not in (1,3))
  and type = 0
  and flags < 258
  order by provider_id

This should return a list of your users with an Identity Provider other than the two you have registered. If there are global Laserfiche Users (Laserfiche users added in LFDS), they should show up with an Null provider ID, and have a flag of 17 or greater. Domain users are shown as Domain\username and should have flag of 16 or greater.

If there are domain users with a null Identity Provider, or a provider_id other than 1 or 3, that could be the issue.

0 0
replied on December 14, 2015

Your original suggestion worked for me, so I'm marking that as the answer.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...